Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.


Please Help INFECTED!

Post by SEES » September 16th, 2007, 7:13 pm

Here are the results of my log.
Please somebody help if possible.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:12:46 PM, on 9/16/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\FNTS~1\wuauclt.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\system32\s?stem\s?rvices.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {5B6FACAA-1661-4CB3-3454-4971B0739FEE} - C:\WINDOWS\system32\owj.dll
O2 - BHO: (no name) - {5B6FADFD-156C-4CB9-3454-4971B07390EF} - C:\WINDOWS\System32\xnc.dll (file missing)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: Microsoft copyright - {971D5B7B-F7DF-43ee-B771-6B7FA09975C3} - tcprp.dll (file missing)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Usrr] "C:\PROGRA~1\FNTS~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Sjgempdr] C:\WINDOWS\system32\s?stem\s?rvices.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9877780421
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 7462 bytes
SEES
Active Member
 
Posts: 4
Joined: September 16th, 2007, 7:09 pm

Post by Katana » September 18th, 2007, 12:33 pm

Hello and welcome to the forums

My name is Katana and I will be helping you to remove any infection(s) that you may have.


Please observe these rules while we work:
1. If you don't know, stop and ask! Don't keep going on.
2. Please reply to this thread. Do not start a new topic.
3. Please continue to respond until I give you the "All Clear"
(Just because you can't see a problem doesn't mean it isn't there)

If you can do those three things, everything should go smoothly :D


Download and Run ComboFix

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Please post the ComboFix log along with a fresh HJT log in your reply
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Post by SEES » September 18th, 2007, 11:21 pm

Here's my ComboFix log.

ComboFix 07-09-14.2 - "Courtney" 2007-09-18 22:06:39.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1108 [GMT -6:00]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\3721
C:\Program Files\3721\assist\asbar.dll
C:\Program Files\3721\helper.dll
C:\Program Files\Accoona
C:\Program Files\Accoona\ASearchAssist.dll
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\guid.dat
C:\Program Files\amsys\ijl15.dll
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\p2pnetworks\amp2pl.exe
C:\WINDOWS\764.exe
C:\WINDOWS\7search.dll
C:\WINDOWS\aconti.exe
C:\WINDOWS\adbar.dll
C:\WINDOWS\cbinst$.exe
C:\WINDOWS\daxtime.dll
C:\WINDOWS\dp0.dll
C:\WINDOWS\eventlowg.dll
C:\WINDOWS\fhfmm-Uninstaller.exe
C:\WINDOWS\fhfmm.exe
C:\WINDOWS\flt.dll
C:\WINDOWS\hcwprn.exe
C:\WINDOWS\hotporn.exe
C:\WINDOWS\ie_32.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\jd2002.dll
C:\WINDOWS\kkcomp$.exe
C:\WINDOWS\kkcomp.dll
C:\WINDOWS\kkcomp.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\kvnab.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\liqad$.exe
C:\WINDOWS\liqad.dll
C:\WINDOWS\liqad.exe
C:\WINDOWS\liqui-Uninstaller.exe
C:\WINDOWS\liqui.dll
C:\WINDOWS\liqui.exe
C:\WINDOWS\ngd.dll
C:\WINDOWS\pbar.dll
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\spredirect.dll
C:\WINDOWS\system32\ESHOPEE.exe
C:\WINDOWS\system32\gtv_sd.bin
C:\WINDOWS\system32\msole32.exe
C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\vxddsk.exe
C:\WINDOWS\wbeCheck.exe
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\wml.exe
C:\WINDOWS\xadbrk.dll
C:\WINDOWS\xadbrk.exe
C:\WINDOWS\xadbrk_.exe
C:\WINDOWS\xxxvideo.exe

.
((((((((((((((((((((((((( Files Created from 2007-08-19 to 2007-09-19 )))))))))))))))))))))))))))))))
.

2007-09-16 19:39 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-09-16 18:52 851,968 -----c--- C:\WINDOWS\system32\dllcache\vgx.dll
2007-09-16 18:49 29,184 --a------ C:\WINDOWS\system32\ace16win.dll
2007-09-16 18:41 684 --a------ C:\WINDOWS\system32\tmp.reg
2007-09-16 18:40 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-09-16 18:40 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-09-16 18:40 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2007-09-16 18:40 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-09-16 13:01 <DIR> d-------- C:\WINDOWS\provisioning
2007-09-16 13:01 <DIR> d-------- C:\WINDOWS\peernet
2007-09-16 12:59 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2007-09-15 17:49 <DIR> d-------- C:\Program Files\SymNetDrv
2007-09-15 17:41 82,984 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-09-15 17:41 82,136 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-09-15 17:41 4,096 --a------ C:\WINDOWS\system32\drivers\symlcbrd.sys
2007-09-15 17:41 <DIR> d-------- C:\Program Files\Norton AntiVirus
2007-09-15 17:40 <DIR> d-------- C:\Program Files\Symantec
2007-09-15 17:40 <DIR> d-------- C:\Program Files\Common Files\Symantec Shared
2007-09-15 17:40 <DIR> d-------- C:\DOCUME~1\Courtney\APPLIC~1\Symantec
2007-09-15 17:40 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Symantec
2007-09-15 17:04 <DIR> d-------- C:\DOCUME~1\Courtney\APPLIC~1\TrojanHunter
2007-09-15 16:08 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-09-15 15:39 <DIR> d-------- C:\Program Files\Trend Micro
2007-09-15 15:32 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2007-09-15 15:32 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2007-09-15 15:32 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2007-09-15 15:32 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2007-09-15 15:32 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2007-09-15 15:32 <DIR> d-a------ C:\DOCUME~1\ALLUSE~1\APPLIC~1\TEMP
2007-09-15 15:32 <DIR> d-------- C:\Program Files\Trojan Remover
2007-09-15 15:32 <DIR> d-------- C:\DOCUME~1\Courtney\APPLIC~1\Simply Super Software
2007-09-15 15:32 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Simply Super Software
2007-09-15 15:31 <DIR> d-------- C:\WINDOWS\EHome
2007-09-15 13:23 4,569 --------- C:\WINDOWS\system32\secupd.dat
2007-09-15 13:23 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2007-09-15 12:29 <DIR> d-------- C:\Program Files\Lavasoft
2007-09-15 12:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Lavasoft
2007-09-15 12:28 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-09-15 12:09 614,912 --a------ C:\WINDOWS\system32\h323msp.dll
2007-09-15 12:09 40,960 -----c--- C:\WINDOWS\system32\dllcache\evtgprov.dll
2007-09-15 12:09 39,936 --a------ C:\WINDOWS\system32\mf3216.dll
2007-09-15 12:09 331,264 --a------ C:\WINDOWS\system32\ipnathlp.dll
2007-09-15 12:09 26,112 --a------ C:\WINDOWS\system32\xpsp1hfm.exe
2007-09-15 12:00 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2007-09-15 11:29 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2007-09-15 11:27 984,064 -----c--- C:\WINDOWS\system32\dllcache\kernel32.dll
2007-09-15 11:24 4 --a------ C:\WINDOWS\system32\stfv.bin
2007-09-15 11:04 <DIR> d-------- C:\WINDOWS\system32\acespy
2007-09-15 10:44 22,016 --a------ C:\WINDOWS\system32\oembios32.dll
2007-09-15 10:21 21,504 --a------ C:\WINDOWS\system32\tcprp.dll
2007-09-15 10:21 21,504 --a------ C:\WINDOWS\system32\sipov.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-09-15 15:28 --------- d-------- C:\Program Files\BigFix
2007-09-08 11:22 --------- dr------- C:\Program Files\Ableton
2007-08-22 11:06 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Google
2007-08-07 13:58 8320 --a------ C:\WINDOWS\system32\drivers\AWRTRD.sys
2007-08-07 13:56 9344 --a------ C:\WINDOWS\system32\drivers\NSDriver.sys
2007-07-27 17:12 --------- d-------- C:\Program Files\Sonic Foundry Setup
2007-07-27 17:12 --------- d-------- C:\Program Files\Sonic Foundry
2007-07-27 17:11 --------- d-------- C:\DOCUME~1\Courtney\APPLIC~1\Sonic Foundry
2007-07-27 17:08 --------- d-------- C:\DOCUME~1\Courtney\APPLIC~1\Publish Providers
2007-07-27 17:08 --------- d-------- C:\DOCUME~1\Courtney\APPLIC~1\NetMedia Providers
2007-07-27 10:16 --------- d-------- C:\DOCUME~1\Courtney\APPLIC~1\Google
2007-07-25 18:43 --------- d-------- C:\Program Files\Winamp
2007-07-25 18:40 --------- d-------- C:\Program Files\iTunes
2007-07-25 18:40 --------- d-------- C:\Program Files\iPod
2007-07-25 18:39 --------- d-------- C:\Program Files\QuickTime
2007-07-25 18:38 --------- d-------- C:\Program Files\Apple Software Update
2007-07-25 18:38 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple
2007-07-23 18:59 --------- d-------- C:\DOCUME~1\Courtney\APPLIC~1\Cycling '74
2007-07-23 18:57 --------- d-------- C:\Program Files\Common Files\Digidesign
2007-07-23 18:57 --------- d-------- C:\Program Files\Common Files\C74 Plug-in Support
2007-07-23 18:40 --------- d-------- C:\DOCUME~1\Courtney\APPLIC~1\PACE Anti-Piracy
2007-07-23 18:40 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\PACE Anti-Piracy
2007-07-22 23:14 --------- d-------- C:\Program Files\Satsuki Decoder Pack
2007-07-22 22:46 --------- d-------- C:\DOCUME~1\Courtney\APPLIC~1\Apple Computer
2007-07-22 22:46 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Apple Computer
2007-07-22 19:14 --------- d-------- C:\Program Files\Antares
2007-07-22 18:30 --------- d-------- C:\Program Files\Waves
2007-07-22 18:29 --------- d--h----- C:\Program Files\InstallShield Installation Information
2007-07-22 18:06 --------- d-------- C:\Program Files\YAMAHA
2007-07-22 18:06 --------- d-------- C:\Program Files\VstPlugins
2007-07-22 16:23 --------- d-------- C:\Program Files\AAS
2007-07-22 16:09 --------- d-------- C:\Program Files\Native Instruments
2007-07-22 12:16 --------- d-------- C:\DOCUME~1\Courtney\APPLIC~1\Ableton
2007-07-22 12:12 --------- d-------- C:\Program Files\M-Audio MA_CMIDI
2007-07-22 12:04 --------- d-------- C:\DOCUME~1\Courtney\APPLIC~1\Propellerhead Software
2007-07-22 12:02 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Propellerhead Software
2007-07-22 11:52 --------- d-------- C:\Program Files\Propellerhead
2007-07-22 11:49 --------- d-------- C:\DOCUME~1\Courtney\APPLIC~1\Applied Acoustics Systems
2007-07-22 11:48 --------- d-------- C:\Program Files\Waves Transform
2007-07-22 11:35 --------- d-------- C:\Program Files\reFX Slayer VSTi v1.1
2007-07-22 11:31 --------- d-------- C:\Program Files\Digidesign
2007-07-22 11:31 --------- d-------- C:\Program Files\Arturia
2007-07-22 11:24 --------- d-------- C:\Program Files\Common Files\PACE Anti-Piracy
2007-07-22 11:20 --------- d-------- C:\Program Files\Cycling '74
2007-07-22 11:20 --------- d-------- C:\Program Files\Common Files\Cycling '74
2007-07-22 11:08 --------- d-------- C:\Program Files\Steinberg
2007-07-22 11:08 --------- d-------- C:\DOCUME~1\Courtney\APPLIC~1\WinRAR
2007-07-22 11:07 --------- d-------- C:\Program Files\M-Audio Delta
2007-07-22 11:07 --------- d-------- C:\Program Files\Common Files\InstallShield
2007-07-22 10:41 --------- d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ableton
.

((((((((((((((((((((((((((((( snapshot_2007-09-16_194708.01 )))))))))))))))))))))))))))))))))))))))))
.
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\spuninst.exe
------w 81,408 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\backup\sp2gdr\directdb.dll
------w 678,400 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\backup\sp2gdr\inetcomm.dll
------w 1,311,232 2004-08-04 07:56:43 C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\backup\sp2gdr\msoe.dll
------w 504,832 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\backup\sp2gdr\wab32.dll
------w 84,992 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\backup\sp2gdr\wabimp.dll
------w 678,400 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\backup\sp2qfe\inetcomm.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\0c114cf5b19927cfea8b29c83de1ed86\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\spuninst.exe
------w 574,592 2004-08-04 06:15:09 C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\backup\sp2gdr\ntfs.sys
------w 574,592 2004-08-04 06:15:09 C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\backup\sp2qfe\ntfs.sys
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\131ae35a2f5be2cefedd349d083bb253\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\spuninst.exe
------w 280,064 2005-12-29 02:54:35 C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\backup\sp2gdr\gdi32.dll
------w 280,064 2005-12-29 02:54:35 C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\backup\sp2qfe\gdi32.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\1950380ad27a186ad7b25c1e483494eb\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\spuninst.exe
------w 291,840 2005-09-01 01:41:54 C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\backup\sp2gdr\winsrv.dll
------w 291,840 2005-09-01 01:41:54 C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\backup\sp2qfe\winsrv.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\29f79ad83880337acafe2a37966d9d29\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\spuninst.exe
------w 713,216 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\backup\sp2gdr\sxs.dll
------w 713,216 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\backup\sp2qfe\sxs.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\33831624a2e810dc854ea2f820d0dd53\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\343df13f0a7d4e9264393401164eed58\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\343df13f0a7d4e9264393401164eed58\spuninst.exe
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\343df13f0a7d4e9264393401164eed58\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\343df13f0a7d4e9264393401164eed58\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\343df13f0a7d4e9264393401164eed58\update\updspapi.dll
----a-w 7,168 2004-10-14 18:34:51 C:\WINDOWS\SoftwareDistribution\Download\35d340428a8f32f0a91986e753c6e613\spmsg.dll
----a-w 169,984 2004-10-14 18:36:16 C:\WINDOWS\SoftwareDistribution\Download\35d340428a8f32f0a91986e753c6e613\spuninst.exe
----a-w 134,912 2004-09-29 22:28:37 C:\WINDOWS\SoftwareDistribution\Download\35d340428a8f32f0a91986e753c6e613\sp2gdr\ipnat.sys
----a-w 134,912 2004-09-29 22:31:17 C:\WINDOWS\SoftwareDistribution\Download\35d340428a8f32f0a91986e753c6e613\sp2qfe\ipnat.sys
----a-w 21,504 2004-10-14 18:36:15 C:\WINDOWS\SoftwareDistribution\Download\35d340428a8f32f0a91986e753c6e613\update\spcustom.dll
----a-w 654,848 2004-10-14 18:34:52 C:\WINDOWS\SoftwareDistribution\Download\35d340428a8f32f0a91986e753c6e613\update\update.exe
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\spuninst.exe
------w 144,896 2004-08-04 07:56:44 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\backup\sp2gdr\schannel.dll
------w 144,896 2004-08-04 07:56:44 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\backup\sp2qfe\schannel.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\393673217fc83f2b990ca70aa98f1df8\update\updspapi.dll
----a-w 14,048 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\spmsg.dll
----a-w 213,216 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\spuninst.exe
------w 41,984 2004-08-04 07:56:41 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\backup\sp2gdr\agentdp2.dll
------w 57,344 2005-04-22 05:06:42 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\backup\sp2gdr\agentdpv.dll
------w 256,512 2004-08-04 07:56:47 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\backup\sp2gdr\agentsvr.exe
------w 15,360 2005-05-17 00:25:35 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\backup\sp2gdr\xpsp3res.dll
------w 15,360 2005-05-17 00:25:35 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\backup\sp2qfe\xpsp3res.dll
----a-w 22,752 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\update\spcustom.dll
----a-w 716,000 2005-10-12 23:16:51 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\update\update.exe
----a-w 371,424 2005-10-12 23:16:56 C:\WINDOWS\SoftwareDistribution\Download\4387300ca1dcf29784a47c30e67cb637\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\spuninst.exe
------w 553,472 2004-08-04 07:56:44 C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\backup\sp2gdr\oleaut32.dll
------w 553,472 2004-08-04 07:56:44 C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\backup\sp2qfe\oleaut32.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\458b0ddf827cd2ca02539e5a3b1a3d3c\update\updspapi.dll
----a-w 332,520 2005-02-07 21:27:18 C:\WINDOWS\SoftwareDistribution\Download\561c9bea035f5195ab841bef0d7c79b4\WindowsXP-KB887472-x86-express-enu.exe
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\spuninst.exe
----a-w 2,854,400 2007-04-18 16:12:23 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\SP2GDR\msi31.dll
----a-w 2,854,400 2007-04-18 16:14:43 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\SP2QFE\msi31.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\6bb372cecf80d03ab26b01c29db4654f\update\updspapi.dll
----a-w 498,742 2006-08-22 10:05:26 C:\WINDOWS\SoftwareDistribution\Download\85df2c3311b9f19cc118068642925ba1\dxmasf.dll
----a-w 13,536 2005-06-28 16:20:24 C:\WINDOWS\SoftwareDistribution\Download\85df2c3311b9f19cc118068642925ba1\spmsg.dll
----a-w 213,216 2005-06-28 16:23:26 C:\WINDOWS\SoftwareDistribution\Download\85df2c3311b9f19cc118068642925ba1\spuninst.exe
----a-w 246,814 2006-08-21 15:52:08 C:\WINDOWS\SoftwareDistribution\Download\85df2c3311b9f19cc118068642925ba1\strmdll.dll
----a-w 716,000 2005-06-28 16:24:52 C:\WINDOWS\SoftwareDistribution\Download\85df2c3311b9f19cc118068642925ba1\update\update.exe
----a-w 371,424 2005-06-28 16:23:54 C:\WINDOWS\SoftwareDistribution\Download\85df2c3311b9f19cc118068642925ba1\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\spuninst.exe
------w 1,016,832 2004-08-04 07:56:41 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\browseui.dll
------w 150,528 2004-08-04 07:56:41 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\cdfview.dll
------w 357,888 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\dxtmsft.dll
------w 201,728 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\dxtrans.dll
------w 55,808 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\extmgr.dll
------w 18,432 2004-08-04 07:56:50 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\iedw.exe
------w 249,344 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\iepeers.dll
------w 96,256 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\inseng.dll
------w 15,872 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\jsproxy.dll
------w 3,003,392 2004-08-04 07:56:43 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\mshtml.dll
------w 448,512 2004-08-04 07:56:43 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\mshtmled.dll
------w 146,432 2004-08-04 07:56:43 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\msrating.dll
------w 530,432 2004-08-04 07:56:43 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\mstime.dll
------w 39,424 2004-08-04 07:56:44 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\pngfilt.dll
------w 1,494,016 2006-09-04 06:08:01 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\shdocvw.dll
------w 473,600 2005-09-02 23:52:06 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\shlwapi.dll
------w 601,088 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\urlmon.dll
------w 656,384 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\wininet.dll
------w 15,360 2005-05-17 00:25:35 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2gdr\xpsp3res.dll
------w 1,016,832 2004-08-04 07:56:41 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\browseui.dll
------w 150,528 2004-08-04 07:56:41 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\cdfview.dll
------w 357,888 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\dxtmsft.dll
------w 201,728 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\dxtrans.dll
------w 55,808 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\extmgr.dll
------w 249,344 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\iepeers.dll
------w 96,256 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\inseng.dll
------w 15,872 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\jsproxy.dll
------w 3,003,392 2004-08-04 07:56:43 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\mshtml.dll
------w 448,512 2004-08-04 07:56:43 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\mshtmled.dll
------w 146,432 2004-08-04 07:56:43 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\msrating.dll
------w 530,432 2004-08-04 07:56:43 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\mstime.dll
------w 39,424 2004-08-04 07:56:44 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\pngfilt.dll
------w 1,494,016 2006-09-04 06:08:01 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\shdocvw.dll
------w 473,600 2005-09-02 23:52:06 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\shlwapi.dll
------w 601,088 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\urlmon.dll
------w 656,384 2004-08-04 07:56:46 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\wininet.dll
------w 15,360 2005-05-17 00:25:35 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\backup\sp2qfe\xpsp3res.dll
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\866dfbcabf59f6e422168c9ec5d1af75\update\updspapi.dll
----a-w 7,168 2004-10-14 17:34:52 C:\WINDOWS\SoftwareDistribution\Download\86c1313b3b7233a513215d577f5db5c4\spmsg.dll
----a-w 169,984 2004-10-14 17:36:18 C:\WINDOWS\SoftwareDistribution\Download\86c1313b3b7233a513215d577f5db5c4\spuninst.exe
------w 1,667,584 2004-08-04 07:56:53 C:\WINDOWS\SoftwareDistribution\Download\86c1313b3b7233a513215d577f5db5c4\backup\sp2gdr\msmsgs.exe
----a-w 21,504 2004-10-14 17:36:16 C:\WINDOWS\SoftwareDistribution\Download\86c1313b3b7233a513215d577f5db5c4\update\spcustom.dll
----a-w 654,848 2004-10-14 17:34:54 C:\WINDOWS\SoftwareDistribution\Download\86c1313b3b7233a513215d577f5db5c4\update\update.exe
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\spuninst.exe
------w 171,776 2004-08-04 06:07:48 C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\backup\sp2gdr\kmixer.sys
------w 6,400 2004-08-04 06:07:47 C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\backup\sp2gdr\splitter.sys
------w 82,944 2004-08-04 06:15:04 C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\backup\sp2gdr\wdmaud.sys
------w 171,776 2004-08-04 06:07:48 C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\backup\sp2qfe\kmixer.sys
------w 6,400 2004-08-04 06:07:48 C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\backup\sp2qfe\splitter.sys
------w 82,944 2004-08-04 06:15:04 C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\backup\sp2qfe\wdmaud.sys
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\8a10de02595aa748279afc6c628f49a8\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\spuninst.exe
------w 280,064 2005-12-29 02:54:35 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2gdr\gdi32.dll
------w 39,936 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2gdr\mf3216.dll
------w 577,024 2005-03-02 18:09:30 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2gdr\user32.dll
------w 1,839,488 2005-10-06 00:05:59 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2gdr\win32k.sys
------w 280,064 2005-12-29 02:54:35 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2qfe\gdi32.dll
------w 39,936 2004-08-04 07:56:42 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2qfe\mf3216.dll
------w 577,024 2005-03-02 18:09:30 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2qfe\user32.dll
------w 1,839,488 2005-10-06 00:05:59 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\backup\sp2qfe\win32k.sys
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\972f9ceb5c3be430fe6cdcb43653d74d\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\spuninst.exe
------w 537,088 2004-08-04 07:56:43 C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\backup\sp2gdr\msftedit.dll
------w 431,616 2004-08-04 07:56:44 C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\backup\sp2gdr\riched20.dll
------w 537,088 2004-08-04 07:56:43 C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\backup\sp2qfe\msftedit.dll
------w 431,616 2004-08-04 07:56:44 C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\backup\sp2qfe\riched20.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\aa19f15378aa75d2b2c7ba5771e0c521\update\updspapi.dll
----a-w 14,048 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\spmsg.dll
----a-w 213,216 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\spuninst.exe
------w 57,344 2005-04-22 05:06:42 C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\backup\sp2gdr\agentdpv.dll
------w 15,360 2005-05-17 00:25:35 C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\backup\sp2gdr\xpsp3res.dll
------w 15,360 2005-05-17 00:25:35 C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\backup\sp2qfe\xpsp3res.dll
----a-w 22,752 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\update\spcustom.dll
----a-w 716,000 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\update\update.exe
----a-w 371,424 2006-01-19 19:29:19 C:\WINDOWS\SoftwareDistribution\Download\c1b0851ac9312d2f7e1ab716c11967b5\update\updspapi.dll
----a-w 14,048 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\spmsg.dll
----a-w 213,216 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\spuninst.exe
------w 117,760 2002-08-29 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\backup\sp2gdr\oledlg.dll
------w 117,760 2002-08-29 12:00:00 C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\backup\sp2qfe\oledlg.dll
----a-w 22,752 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\update\spcustom.dll
----a-w 716,000 2005-10-12 23:16:51 C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\update\update.exe
----a-w 371,424 2005-10-12 23:16:56 C:\WINDOWS\SoftwareDistribution\Download\c3c3c6d9de8be474641d4bbceb22a36f\update\updspapi.dll
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\spuninst.exe
------w 851,968 2006-09-18 14:15:52 C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\backup\sp2gdr\vgx.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\c87932aedce288373d0b6a6c23f00c8a\update\updspapi.dll
----a-w 14,048 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\spmsg.dll
----a-w 213,216 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\spuninst.exe
------w 263,040 2004-08-04 06:00:13 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\backup\sp2gdr\http.sys
------w 263,040 2004-08-04 06:00:14 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\backup\sp2qfe\http.sys
----a-w 22,752 2005-10-12 23:16:49 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\update\spcustom.dll
----a-w 716,000 2005-10-12 23:16:51 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\update\update.exe
----a-w 371,424 2005-10-12 23:16:56 C:\WINDOWS\SoftwareDistribution\Download\d1c98689cdcd0ea9312780ffc77a2cbe\update\updspapi.dll
----a-w 13,536 2005-06-28 17:20:23 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\spmsg.dll
----a-w 213,216 2005-06-28 17:23:24 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\spuninst.exe
----a-w 2,330,624 2006-12-07 04:14:51 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\Emerald\WMVCORE.DLL
----a-w 716,000 2005-06-28 17:24:51 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\update\Update.exe
----a-w 371,424 2005-06-28 17:23:53 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\update\updspapi.dll
----a-w 2,374,472 2006-12-07 05:29:34 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP10L\WMVCORE.DLL
----a-w 2,362,184 2006-12-07 06:40:49 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP10NL\Wmvcore.dll
----a-w 2,071,368 2006-12-07 08:04:44 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP9L\WMVCORE.DLL
----a-w 2,174,976 2006-12-07 23:02:24 C:\WINDOWS\SoftwareDistribution\Download\de2c6d6581fd8e41b54745bfb54e60c6\WMP9NL\WMVCORE.DLL
----a-w 14,048 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\spmsg.dll
----a-w 213,216 2005-10-12 23:12:26 C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\spuninst.exe
------w 984,064 2006-07-05 10:55:01 C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2gdr\kernel32.dll
------w 984,064 2006-07-05 10:55:01 C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\backup\sp2qfe\kernel32.dll
----a-w 22,752 2005-10-12 23:12:25 C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\update\spcustom.dll
----a-w 716,000 2005-10-12 23:12:29 C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\update\update.exe
----a-w 371,424 2005-10-12 23:12:34 C:\WINDOWS\SoftwareDistribution\Download\fc75a45b73372bd0c2a61e3a51d766ff\update\updspapi.dll
----a-w 14,048 2007-03-06 01:22:36 C:\WINDOWS\SoftwareDistribution\Download\feba56dcf41a925dcdd58101f4bd971d\spmsg.dll
----a-w 213,216 2007-03-06 01:22:41 C:\WINDOWS\SoftwareDistribution\Download\feba56dcf41a925dcdd58101f4bd971d\spuninst.exe
----a-w 22,752 2007-03-06 01:22:34 C:\WINDOWS\SoftwareDistribution\Download\feba56dcf41a925dcdd58101f4bd971d\update\spcustom.dll
----a-w 716,000 2007-03-06 01:22:59 C:\WINDOWS\SoftwareDistribution\Download\feba56dcf41a925dcdd58101f4bd971d\update\update.exe
----a-w 371,424 2007-03-06 01:23:51 C:\WINDOWS\SoftwareDistribution\Download\feba56dcf41a925dcdd58101f4bd971d\update\updspapi.dll
----a-w 5,120 2007-09-17 05:21:19 C:\WINDOWS\SoftwareDistribution\EventCache\{10F6417E-F4A1-4B85-A3AE-B16B702674B5}.bin
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF}]
2007-09-16 19:39 22016 --a------ C:\WINDOWS\system32\oembios32.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeltTray"="DeltTray.exe" [2004-08-26 22:43 C:\WINDOWS\system32\delttray.exe]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-09-04 13:26]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2003-11-10 07:30]
"Symantec NetDriver Monitor"="C:\PROGRA~1\SYMNET~1\SNDMon.exe" [2007-09-15 17:49]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-07-13 14:00]
"Usrr"="C:\PROGRA~1\FNTS~1\wuauclt.exe" []
"MSMSGS"="C:\Program Files\Messenger\MSMSGS.exe" [2004-08-04 01:56]

C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\Startup\
BigFix.lnk - C:\Program Files\BigFix\BigFix.exe [2007-09-15 15:28:18]
Microsoft Works Calendar Reminders.lnk - C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-07-13 14:00:00]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" -atboottime

R3 USBMM1X1;USB Midi 1x1 Driver;C:\WINDOWS\system32\drivers\usbmm1x1.sys
S3 USB11LDR;USB Midi 1x1 Loader;C:\WINDOWS\system32\drivers\usb11ldr.sys


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}]
C:\WINDOWS\system32\nusrmgr.exe
.
Contents of the 'Scheduled Tasks' folder
"2007-09-15 14:47:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-09-16 03:27:10 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer - Courtney.job"
- C:\PROGRA~1\NORTON~1\Navw32.exe
"2007-09-19 04:14:53 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-09-18 22:14:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

C:\WINDOWS\system32\vxddsk.exe
C:\WINDOWS\system32\wml.exe
C:\WINDOWS\system32\msole32.exe

scan completed successfully
hidden files: 3

**************************************************************************
.
Completion time: 2007-09-18 22:17:07 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-09-18 22:16
C:\ComboFix2.txt ... 2007-09-16 19:47
.
--- E O F ---
And here's my new HijackThis log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:03 PM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\nusrmgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {bb936323-19fa-4521-ba29-eca6a121bc78} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Usrr] "C:\PROGRA~1\FNTS~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9877780421
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6529 bytes

Post by Katana » September 20th, 2007, 5:36 am

Hi SEES,

Well that got rid of a lot :)


Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DirLook::
    C:\WINDOWS\provisioning
    C:\WINDOWS\peernet
    C:\PROGRA~1\FNTS~1
    
    File::
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\stfv.bin
    C:\WINDOWS\system32\oembios32.dll
    C:\WINDOWS\system32\tcprp.dll
    C:\WINDOWS\system32\sipov.dll
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\system32\msole32.exe
    C:\PROGRA~1\FNTS~1\wuauclt.exe
    C:\WINDOWS\system32\nusrmgr.exe
    
    Folder::
    C:\WINDOWS\system32\acespy
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
    

  • Save this as CFScript.txt and place it on your desktop.


    [Screenshot]


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

SD Fix

Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)

Please then reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
  • Instead of Windows loading as normal, the Advanced Options Menu should appear;
  • Select the first option, to run Windows in Safe Mode, then press Enter.
  • Choose your usual account.
  • Open the extracted SDFix folder and double click RunThis.bat to start the script.
  • Type Y to begin the cleanup process.
  • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
  • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
    (Report.txt will also be copied to Clipboard ready for posting back on the forum).
  • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log

Logs/Information to Post in Reply
Please post the following logs/Information in your reply
  • ComboFix Log
  • SDFix Log (Report.txt)
  • A fresh HJT Log (after all the above has been done)

Post by SEES » September 20th, 2007, 9:41 pm

Here's my SD Fix Log


SDFix: Version 1.106

Run by Courtney on 2007-09-20 at 19:49

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\4D.TMP - Deleted
C:\55.TMP - Deleted
C:\5B.TMP - Deleted
C:\63.TMP - Deleted
C:\65.TMP - Deleted
C:\67.TMP - Deleted
C:\68.TMP - Deleted
C:\69.TMP - Deleted
C:\7A.TMP - Deleted
C:\7E.TMP - Deleted
C:\80.TMP - Deleted
C:\82.TMP - Deleted
C:\WINDOWS\system32\sipov.dll - Deleted
C:\WINDOWS\system32\tcprp.dll - Deleted



Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

Remaining Services:
------------------




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

C:\Program Files\Common Files\csshare\shell\us\shellext.dll
C:\Program Files\CompuServe 7.0\csphx.exe
C:\Program Files\CompuServe 7.0\cstray.exe
C:\Program Files\CompuServe 7.0\RBM.exe
C:\Program Files\CompuServe 7.0\wcs2000.exe
C:\Program Files\CompuServe 7.0\COMIT\cswitch.exe

Finished!
And my HJT Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41, on 2007-09-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Usrr] "C:\PROGRA~1\FNTS~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9877780421
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6384 bytes
SEES
Active Member
 
Posts: 4
Joined: September 16th, 2007, 7:09 pm

Unread postby Katana » September 21st, 2007, 3:53 am

Do you have the new ComboFix Log?
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester

Unread postby SEES » September 21st, 2007, 7:53 am

Here's the COMBOFIX Log
SORRY!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:41, on 2007-09-20
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: (no name) - {00000012-890e-4aac-afd9-eff6954a34dd} - (no file)
O2 - BHO: (no name) - {029e02f0-a0e5-4b19-b958-7bf2db29fb13} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {06dfedaa-6196-11d5-bfc8-00508b4a487d} - (no file)
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: (no name) - {1adbcce8-cf84-441e-9b38-afc7a19c06a4} - (no file)
O2 - BHO: (no name) - {2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71} - (no file)
O2 - BHO: (no name) - {51641ef3-8a7a-4d84-8659-b0911e947cc8} - (no file)
O2 - BHO: (no name) - {53C330D6-A4AB-419B-B45D-FD4411C1FEF4} - (no file)
O2 - BHO: (no name) - {54645654-2225-4455-44A1-9F4543D34546} - (no file)
O2 - BHO: (no name) - {669695bc-a811-4a9d-8cdf-ba8c795f261e} - (no file)
O2 - BHO: (no name) - {6abc861a-31e7-4d91-b43b-d3c98f22a5c0} - (no file)
O2 - BHO: (no name) - {944864a5-3916-46e2-96a9-a2e84f3f1208} - (no file)
O2 - BHO: (no name) - {a4a435cf-3583-11d4-91bd-0048546a1450} - (no file)
O2 - BHO: (no name) - {b8875bfe-b021-11d4-bfa8-00508b8e9bd3} - (no file)
O2 - BHO: (no name) - {c2680e10-1655-4a0e-87f8-4259325a84b7} - (no file)
O2 - BHO: (no name) - {c4ca6559-2cf1-48b6-96b2-8340a06fd129} - (no file)
O2 - BHO: (no name) - {c5af2622-8c75-4dfb-9693-23ab7686a456} - (no file)
O2 - BHO: (no name) - {ca1d1b05-9c66-11d5-a009-000103c1e50b} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
O2 - BHO: (no name) - {d8efadf1-9009-11d6-8c73-608c5dc19089} - (no file)
O2 - BHO: (no name) - {e9147a0a-a866-4214-b47c-da821891240f} - (no file)
O2 - BHO: (no name) - {e9306072-417e-43e3-81d5-369490beef7c} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Usrr] "C:\PROGRA~1\FNTS~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9877780421
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 6384 bytes
SEES
Active Member
 
Posts: 4
Joined: September 16th, 2007, 7:09 pm

Unread postby Katana » September 21st, 2007, 8:11 am

Did you do this section?

Custom CFScript
  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    DirLook::
    C:\WINDOWS\provisioning
    C:\WINDOWS\peernet
    C:\PROGRA~1\FNTS~1
    
    File::
    C:\WINDOWS\system32\ace16win.dll
    C:\WINDOWS\system32\stfv.bin
    C:\WINDOWS\system32\oembios32.dll
    C:\WINDOWS\system32\tcprp.dll
    C:\WINDOWS\system32\sipov.dll
    C:\WINDOWS\system32\vxddsk.exe
    C:\WINDOWS\system32\wml.exe
    C:\WINDOWS\system32\msole32.exe
    C:\PROGRA~1\FNTS~1\wuauclt.exe
    C:\WINDOWS\system32\nusrmgr.exe
    
    Folder::
    C:\WINDOWS\system32\acespy
    
    Registry::
    [-HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{Y479C6D0-OTRW-U5GH-S1EE-E0AC10B4E666}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]
    [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]
    

  • Save this as CFScript.txt and place it on your desktop.


    Image


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it will produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


If you did there should be a log on your C: drive
C:\ComboFix.txt --- there should be more than one, please post the one with the latest date
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester
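
One way to tell from a follow-up HijackThis log whether the CFScript in the post above has been applied, as an added example that is not part of Katana's post or of ComboFix itself. The function names are hypothetical, and the two inputs are short excerpts copied from the CFScript and the September 20 HijackThis log in this thread.

```python
import re

# Excerpts copied from the CFScript and the follow-up HijackThis log in this thread.
CFSCRIPT = r"""
File::
C:\WINDOWS\system32\oembios32.dll
C:\WINDOWS\system32\sipov.dll
C:\PROGRA~1\FNTS~1\wuauclt.exe

Folder::
C:\WINDOWS\system32\acespy

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12F02779-6D88-4958-8AD3-83C12D86ADC7}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]
"""

HJT_LOG = r"""
O2 - BHO: (no name) - {00000000-d9e3-4bc6-a0bd-3d0ca4be5271} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {12F02779-6D88-4958-8AD3-83C12D86ADC7} - (no file)
O2 - BHO: oembios32.msdn_hlp - {D79E1D43-C805-40EF-8ACB-DFFB17E9A4AF} - C:\WINDOWS\system32\oembios32.dll
O4 - HKCU\..\Run: [Usrr] "C:\PROGRA~1\FNTS~1\wuauclt.exe" -vt yazb
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
"""

def parse_cfscript(text):
    """Group CFScript lines under their 'Name::' section headers."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.endswith("::"):
            current = line[:-2]
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def remaining_targets(cfscript_text, hjt_text):
    """Return CFScript targets that a later HijackThis log still references."""
    sections = parse_cfscript(cfscript_text)
    log_lines = [ln.lower() for ln in hjt_text.splitlines() if ln.strip()]
    found = {"files": [], "bho_clsids": []}
    for path in sections.get("File", []) + sections.get("Folder", []):
        if any(path.lower() in ln for ln in log_lines):
            found["files"].append(path)
    bho_lines = [ln for ln in log_lines if ln.startswith("o2 - bho:")]
    for entry in sections.get("Registry", []):
        m = re.search(r"browser helper objects\\(\{[^}]+\})", entry, re.I)
        if m and any(m.group(1).lower() in ln for ln in bho_lines):
            found["bho_clsids"].append(m.group(1))
    return found

if __name__ == "__main__":
    for kind, items in remaining_targets(CFSCRIPT, HJT_LOG).items():
        for item in items:
            print(f"still present ({kind}): {item}")
```

Any target reported as still present means the script's deletions are not reflected in that log, which is the situation the question "Did you do this section?" is probing.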

Unread postby Katana » September 25th, 2007, 11:42 am

Do you still need help?


Due to lack of response this topic is now closed.

If you are the originator of this topic, and you need it re-opened please send an email to 'admin at malwareremoval.com', including a link to this topic.

If you have been helped and wish to donate to help with the costs of this volunteer site, please read Donations For Malware Removal

Please do not contact us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.

Gary R
Katana
MRU Teacher Emeritus
 
Posts: 6412
Joined: November 10th, 2006, 5:00 pm
Location: Manchester